src: restore --echo with anonymous sets

If --echo is passed, then the cache already contains the commands that
have been sent to the kernel. However, anonymous sets are an exception
since the cache needs to be updated in this case.

Remove the old cache logic from the monitor code that has been replaced
by 01e5c6f0ed03 ("src: add cache level flags").

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Phil Sutter <phil@nwl.cc>

diff --git a/include/netlink.h b/include/netlink.h
index 279723f33d316bd5e5c6d01d0046b428b2ed17f1..e6941714d5b920f879951cbbde6d188185787dc0 100644 (file)
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -171,7 +171,6 @@ struct netlink_mon_handler {
        struct netlink_ctx      *ctx;
        const struct location   *loc;
        unsigned int            debug_mask;
-       bool                    cache_needed;
        struct nft_cache        *cache;
 };
 

diff --git a/src/monitor.c b/src/monitor.c
index 20810a5de0cfb36c3bc03e6c98e7e42f438282a0..ea0393cddff41c3d3e625848045aadf57624dc63 100644 (file)
--- a/src/monitor.c
+++ b/src/monitor.c
@@ -609,6 +609,12 @@ static void netlink_events_cache_addset(struct netlink_mon_handler *monh,
                goto out;
        }
 
+       if (nft_output_echo(&monh->ctx->nft->output) &&
+           !set_is_anonymous(s->flags)) {
+               set_free(s);
+               goto out;
+       }
+
        set_add_hash(s, t);
 out:
        nftnl_set_free(nls);
@@ -636,6 +642,10 @@ static void netlink_events_cache_addsetelem(struct netlink_mon_handler *monh,
                goto out;
        }
 
+       if (nft_output_echo(&monh->ctx->nft->output) &&
+           !set_is_anonymous(set->flags))
+               goto out;
+
        nlsei = nftnl_set_elems_iter_create(nls);
        if (nlsei == NULL)
                memory_allocation_error();
@@ -744,7 +754,8 @@ out:
 static void netlink_events_cache_update(struct netlink_mon_handler *monh,
                                        const struct nlmsghdr *nlh, int type)
 {
-       if (!monh->cache_needed)
+       if (nft_output_echo(&monh->ctx->nft->output) &&
+           type != NFT_MSG_NEWSET && type != NFT_MSG_NEWSETELEM)
                return;
 
        switch (type) {

diff --git a/src/rule.c b/src/rule.c
index 19a06bea36ea1e786aafe9d9c9aa254be0a9c746..55894cbdb766c72a1f807e9fd4cb57aab2f4fbbb 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -2502,23 +2502,6 @@ static int do_command_rename(struct netlink_ctx *ctx, struct cmd *cmd)
        return 0;
 }
 
-static bool need_cache(const struct cmd *cmd)
-{
-       /*
-        *  - new rules in default format
-        *  - new elements
-        */
-       if (((cmd->monitor->flags & (1 << NFT_MSG_NEWRULE)) &&
-           (cmd->monitor->format == NFTNL_OUTPUT_DEFAULT)) ||
-           (cmd->monitor->flags & (1 << NFT_MSG_NEWSETELEM)))
-               return true;
-
-       if (cmd->monitor->flags & (1 << NFT_MSG_TRACE))
-               return true;
-
-       return false;
-}
-
 static int do_command_monitor(struct netlink_ctx *ctx, struct cmd *cmd)
 {
        struct netlink_mon_handler monhandler = {
@@ -2533,8 +2516,6 @@ static int do_command_monitor(struct netlink_ctx *ctx, struct cmd *cmd)
        if (nft_output_json(&ctx->nft->output))
                monhandler.format = NFTNL_OUTPUT_JSON;
 
-       monhandler.cache_needed = need_cache(cmd);
-
        return netlink_monitor(&monhandler, ctx->nft->nf_sock);
 }